I have an encrypted root and several other encrypted partions encrypted with cryptsetup.
This has worked flawlessly for years using openrc but I can not make it work with systemd.
Does anyone know how it can be done using systemd?

The way it worked with openrc

I use the following initramfs
which mounts / (usr is on the same root partition.)

This boots me into the text console bash. I then cryptsetup and mount the other encyrpted partitions by hand.
My ethernet device (which has been persistently renamed to eeth0) does not come up, so I bring the internet up with

Code:

ifconfig eeth0 up
dhcpcd eeth0

I then start kdm manually.

So at this moment I am able to boot using systemd + a fair amount of manual work of my own. I am a far cry from have everything automated but intend to play around with it a bit more.

Progress Report
By following the man page for crypttab I can get systemd to setup luks encrypted partions..
Specifically, by placing

Code:

sda8 /dev/sda8

as a line in /etc/crypttab, systemd prompts me for a password during boot and all works just fine.
However man crypttab also gives instructions for giving a path to a file that contains the password and then not having to enter the password in the terminal during boot.

I can not make this work.

More importantly, two of my encrypted block devices are not in luks format. For example when using openrc
I put the following line in the appropriate place in /etc/init.d/fsck

Code:

cryptsetup --key-file=/root/.gnupg/sda9crypt create sda9 /dev/sda9

This worked just fine in openrc

However I have not been able to make it work using /etc/crypttab and systemd . In one of my attempts I added

Code:

sda9 /dev/sda9 none plain,key-file=/root/.gnupg/sda9crypt

to /etc/crypttab.

and in another I added

Code:

sda9 /dev/sda9 plain,key-file=/root/.gnupg/sda9crypt

In all of my attempts, I was prompted for a password during boot, which is ridiculous as there is none. Even when I typed in the path to the key rather than the non-existent password,
systemd failed to set this up for me.

Does anyone know if this is a bug or a failure on my part?

Comment thanks to croutch for all of the good suggestions regarding this and sytemd in general. Except for the encrypted partition problem, everything work very well and with great speed. I was happy with every aspect of systemd except for the encryption problem. However that failure is a deal breaker for me.

Unless someone has a solution, I will be removing systemd from my system and reverting to openrc in a few days.
I should point out that I really like openrc, but was also curious to give systemd a try.

My searches on the internet have led me to believe that systemd's encryption setup does not support all of the of the encryption types that cryptsetup does, and in
particular does not support some of mine (plain) or luks with a keyfile rather than a password.. (added in edit Oct 17) I now know that it does support luks with a keyfile-see my next post

And this does not cover some of my encyrption types. I believe that this is why systemd hangs when trying to mount my encrypted partitions.

So here is what I now do to succeed (In fact nothing else that I have tried works.)

Mark all of the encrypted partitions as nonauto in the options section of /etc/fstab, so that systemd leaves them alone.
write a bash script (I called it /root/sys.sh) that does cryptsetup, fsck and then mounts the encrypted partitions.
At then end of the script add systemctl start kdm

It is possible to do the cryptsetup and mounting in the initramfs, but alas busybox does not support fsck.ext4, so this means that fsck would not be done on these partitions

Perhaps it is possible to have systemd run my sysd.sh script for me to automate everything for me, but I haven't delved enough into systemd yet to be able to do this.

The booting is really not noticeably fast given all of my customizations, but the shutdown is blinding fast.

(1) The one outline above by init_6.
Thank you init_6 for explaining how to do all of this in the initramfs. This solution has the advantage of not requiring changes to the partitions and encryption, which the 2nd solution does

(2) Redoing the partitions and encryptions to be compatible with systemd's crypttab.
I have identified what I believe are the 2 reasons that systemd did not mount my encrypted devices as they were set up before many years ago.
(i) one of my encrypted devices was /dev/sdb (an entire drive rather than a partition) I noticed that the command blkid does not even list /dev/sdb, tho' it does pick up partitions.
(ii) the encryption for /dev/sda9 was done previously with the command cryptsetup --key-file=/root/.gnupg/sdbcrypt create sda9 /dev/sda9
Despite many attempts and hints in the man crypttab page that this should be possible, I have been unable to make (ii) work under systemd and /etc/crypttab.
Therefore I tried the following, and found that it works:
(A) Change the type of encrypted partitions to luks (see man cryptsetup for details) To avoid having to enter a password at boot, I did this with the following command

Code:

cryptsetup luksFormat /dev/sda9 /root/.gnupg/sda9crypt

for my /dev/sda9, add the following line to /etc/crypttab

Code:

sda9 /dev/sda9 /root/.gnupg/sda9crypt luks

Of course I had to previously create the key /root/.gnupg/sda9crypt as per standard cryptsetup instructions. (There are many wikis on this)

(B) Partition any unpartitioned encrypted drives. For example /dev/sdb is partitioned to contain the single partition /dev/sdb1, and this is then encrypted as in (A).

Perhaps there are other solutions using /etc/crypttab, but this is the only thing that worked for me.

Of course, /etc/fstab willl need to be modified.

WARNING: Data must be backed up on drives and partitions that are being changed as above, and then restored after the changes have been made.
In may case with two 2 terabyte drives and a 500 gb drive, this took considerable time to do.

Thanks to everyone for their help. I am now marking this as "solved"
Added in edit Don't forget to set the cryptosetup use flag